Monday, 11 January 2016

IT Change Control - But Why

This is not be a huge post on the topic, a very simple post (Rant) on why it is important, for all parties involved. For the purpose of the post, i will break it up into 2 different categories, IT Importance and Client (Business) importance.

Let's start with a scenario, You get a support call from a client, that they cannot create Projects, nor Project Workspaces, in Project Online, after the December holliday break. No one really worked during the holliday's but there are issues on the environment.

So now the consultant has to go out to observe the error and all the broken items in the environment. Once you get there and start troubleshooting, you find it is a feature on a SharePoint Site, that has been de-activated.

The client themselves could not do it, they do not have this permissions, we did not do it, so that leaves, a 3rd Party vendor, in charge of their O365 deployment. Apparently they did n "clean-up" and security activity during the holliday's, and though the Limited -access user permission lockdown mode is Unnecessary and can be switched off!

This deactivation of the feature caused all of the issues in the environment. After switching it on, it works again.

The impact that this unscheduled change had :

IT Impact

4 Hours of on-site work

No starting point for troubleshooting

No idea why something was changed (the logic behind the change)

No documentation of implemented or proposed changes

No discussion of possible impact to other systems, on change implementation

Unnecessary disruption of service and unnecasary time and cost spent

Yes we can bill for the work, which is not the major issue, but rather the impact on the business affected :

Business Impact

Unnecessary disruption of service

Unnecessary cost impact

No idea of any changes that happened in their environment

End user time impact, their work falls behind which mean projects could potentially be delayed.

"System Confidence", sound rather minor, but a bunch of incidents like this, could very quickly cause users to "dislike" or not "trust" a system, due to the frequent down time.

So please, for everone involved's sanity levels as well as cost and business impact, follow some sort of change process, and document any changes made.

To finish off, please find below a good description of a change:

Change control is a systematic approach to managing all changes made to a product or system. The purpose is to ensure that no unnecessary changes are made, that all changes are documented, that services are not unnecessarily disrupted and that resources are used efficiently. Within information technology (IT), change control is a component of change management.